As is known in the art, many organizations, including private and public businesses as well as government agencies have a need to conduct real-time, ontology-based analysis of massive amounts of data collected from diverse sources. For example, a cyber security expert may be tasked with making sense of billions of network events generated by millions of unique users. Such data may be logged by many different network proxies, web servers, Dynamic Host Configuration Protocol (DHCP), and user authentication systems, each having a different log format.
As is also known, modern unstructured key/value stores (i.e. so-called “Big Data” databases) are well suited to storing massive amounts from diverse data sources. Key/value stores are generally more flexible compared to traditional databases (e.g. SQL databases) because they generally do not impose a schema or other constraints on the data stored therein. A single table within a key/value can store data from multiple data sources that use disparate naming conventions and data formats. Further, key/value stores generally provide better write/read performance and scalability compared with traditional databases.